Tool to decode, validate, and inspect X.509 certificates (PEM, CRT, DER, CER, KEY). Verify public keys, chain of trust, expiration dates, and extensions.
X.509 Certificate - dCode
Tag(s) : Modern Cryptography
dCode is free and its tools are a valuable help in games, maths, geocaching, puzzles and problems to solve every day!
A suggestion ? a feedback ? a bug ? an idea ? Write to dCode!
X.509 Certificate
X.509 Certificate Viewer
Answers to Questions (FAQ)
What is an X.509 certificate? (Definition)
An X.509 certificate is a digital certificate standard used to authenticate an entity (a server, a user, a company, etc.). It relies on asymmetric cryptography (public/private key) and follows the format defined by the ITU-T (International Telecommunication Union).
Its primary function is to associate a public key with an identity (domain name, email address, etc.) and guarantee this association through a digital signature issued by a Certificate Authority (CA). This enables the securing of HTTPS (TLS/SSL) connections, the signing of software, the authentication of users or machines, and more.
How to recognize an X.509 certificate?
An X.509 certificate can take several forms:
— Binary file (.der, .cer): DER (Distinguished Encoding Rules) encoded format
— Text file (.pem, .crt, .key): PEM (Base64, delimited by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) format.
The content of an X.509 certificate generally consists of the following fields:
— Version
— Serial number
— Signature algorithm
— Issuer: Certificate Authority (CA)
— Subject: Certified identity (e.g., CN=example.com)
— Expiry date
etc.
What are the variants of X.509 certificates?
X.509 certificates come in several types depending on their use:
— Server certificate, authenticates a website via HTTPS (TLS/SSL)
— Client certificate, authenticates a user or device, such as for a VPN
— CA certificate, issued by a certificate authority to sign other certificates
— Self-signed certificate, signed with its own private key (no CA), used for local development
— Wildcard certificate, covers a domain and its subdomains (e.g., *.example.com)
— S/MIME certificate, used to encrypt/sign secure emails
There are others.
What is a Certification Authority (CA)?
A Certificate Authority (CA) is a trusted entity that issues, signs, and revokes X.509 certificates.
It guarantees the authenticity of the identities associated with public keys.
Example: Digicert, Symantec, Let's Encrypt, Microsoft AD CS
What is a certificate revocation?
A certificate can be revoked before its expiry date if the private key is compromised, the certified identity is no longer valid, or the CA detects an anomaly or fraud.
Source code
dCode retains ownership of the "X.509 Certificate" source code. Any algorithm for the "X.509 Certificate" algorithm, applet or snippet or script (converter, solver, encryption / decryption, encoding / decoding, ciphering / deciphering, breaker, translator), or any "X.509 Certificate" functions (calculate, convert, solve, decrypt / encrypt, decipher / cipher, decode / encode, translate) written in any informatic language (Python, Java, PHP, C#, Javascript, Matlab, etc.) or any database download or API access for "X.509 Certificate" or any other element are not public (except explicit open source licence). Same with the download for offline use on PC, mobile, tablet, iPhone or Android app.
Reminder: dCode is an educational and teaching resource, accessible online for free and for everyone.
Cite dCode
The content of the page "X.509 Certificate" and its results may be freely copied and reused, including for commercial purposes, provided that dCode.fr is cited as the source (Creative Commons CC-BY free distribution license).
Exporting the results is free and can be done simply by clicking on the export icons ⤓ (.csv or .txt format) or ⧉ (copy and paste).
To cite dCode.fr on another website, use the link:
In a scientific article or book, the recommended bibliographic citation is: X.509 Certificate on dCode.fr [online website], retrieved on 2025-12-04,
